Execute initDbSession() on DB reconnects

Previously, the initDbSession() function would only be run on the initial connect. Since the initDbSession() code in PostgreSQL is used to fix the CVE-2013-4422 SQL Injection bug, this means that Quassel was still vulnerable to that CVE if the PostgreSQL server is restarted or the connection is lost at any point while Quassel is running. This bug also causes the Qt5 psql timezone fix to stop working after a reconnect. The fix is to disable Qt's automatic reconnecting, check the connection status ourselves, and reconnect if necessary, executing the initDbSession() function afterward.
quassel · Apr 23, 2015 · 6605882 · 6605882
1 parent 9e7ee3a
commit 6605882
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/src/core/abstractsqlstorage.cpp b/src/core/abstractsqlstorage.cpp
@@ -53,7 +53,14 @@ QSqlDatabase AbstractSqlStorage::logDb()
     if (!_connectionPool.contains(QThread::currentThread()))
         addConnectionToPool();
 
-    return QSqlDatabase::database(_connectionPool[QThread::currentThread()]->name());
+    QSqlDatabase db = QSqlDatabase::database(_connectionPool[QThread::currentThread()]->name(),false);
+
+    if (!db.isOpen()) {
+        qWarning() << "Database connection" << displayName() << "for thread" << QThread::currentThread() << "was lost, attempting to reconnect...";
+        dbConnect(db);
+    }
+
+    return db;
 }
 
 
@@ -90,6 +97,12 @@ void AbstractSqlStorage::addConnectionToPool()
         db.setPassword(password());
     }
 
+    dbConnect(db);
+}
+
+
+void AbstractSqlStorage::dbConnect(QSqlDatabase &db)
+{
     if (!db.open()) {
         quWarning() << "Unable to open database" << displayName() << "for thread" << QThread::currentThread();
         quWarning() << "-" << db.lastError().text();

diff --git a/src/core/abstractsqlstorage.h b/src/core/abstractsqlstorage.h
@@ -87,6 +87,7 @@ private slots:
 
 private:
     void addConnectionToPool();
+    void dbConnect(QSqlDatabase &db);
 
     int _schemaVersion;
     bool _debug;